OVERVIEW

Risky Login

The Risky Login alert is triggered when a sign-in completes that Microsoft has flagged as ‘risky’: Microsoft's risk detection has found some indication that the sign-in may be fraudulent, that is, performed by someone other than the legitimate account owner.

Keep an Eye on Stats

Risky Login

  • Proactive notifications
  • Find out earlier
  • Protect user accounts
  • Monitor logs
  • Confirm legitimate access
Controls Security Threats

Situations

Situations faced by the client

How is this check useful in the real world? As an example, let’s take Isabella.

Problems Faced

Isabella frequently logs in from various locations because her work involves travelling.  One of her sign-ins has been flagged as ‘risky’ by Microsoft; the exact reason is not always made apparent to us.

This may be a sign of a compromised account. In this situation we strongly urge a review of the flagged sign-ins to confirm that every one of them is legitimate. If any sign-in is not legitimate, we recommend an immediate password reset (a reset alone does not end sessions that are already open, so the user's existing sessions should be revoked as well) followed by a further incident investigation.

Solution

It is absolutely critical that any sign-ins identified as Risky are reviewed as a priority. If a sign-in is fraudulent, immediate action is required: the longer it is left, the more damage can be done, the more data can be stolen, and the more staff, clients, and end-users can be impacted. This is not a situation that you want to find out about weeks, months, or even years later.

Checking hundreds, thousands, or potentially tens of thousands of login attempts each day is a tedious and time-consuming process. The simple fact is that it is not reasonable to expect an administrator to check for risky logins manually on a daily basis. CatchBefore can undertake this check multiple times per day. The sooner the situation is discovered, the sooner you can take mitigation steps and reduce the potential for a larger impact.
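To make the scheduled check concrete, the following is an added example written for this page; it is not CatchBefore's code and not a Microsoft tool. It assumes risk detections shaped like the Microsoft Graph `riskDetection` resource (fields such as `riskEventType`, `riskState`, `riskLevel`, `userPrincipalName`, `activityDateTime`, `ipAddress`); the records in `SAMPLE_DETECTIONS` are constructed sample data standing in for what a tenant would return. It shows two things the paragraph above only describes: surfacing only the detections that are new since the previous poll, and turning the open detections for each user into a prioritised action (reset and investigate for high risk, confirm with the user for medium, monitor for low), while skipping detections an administrator has already confirmed safe, dismissed or remediated.

```python
"""Triage of Microsoft Entra ID (Azure AD) risk detections.

Assumption: record layout mirrors the Microsoft Graph `riskDetection`
resource. The records in SAMPLE_DETECTIONS are CONSTRUCTED for this
example and are not output from a real tenant.
"""
from datetime import datetime, timezone

# Ordering of risk levels; anything unknown ("hidden", "none") ranks lowest.
LEVEL_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}

# States that still need a human decision. "confirmedSafe", "dismissed" and
# "remediated" have already been handled and are not raised again.
OPEN_STATES = {"atRisk", "confirmedCompromised"}

# Constructed sample detections (shape assumed from Graph riskDetection).
SAMPLE_DETECTIONS = [
    {"id": "d1", "userPrincipalName": "isabella@example.com",
     "riskEventType": "unfamiliarFeatures", "riskLevel": "medium",
     "riskState": "atRisk", "ipAddress": "203.0.113.10",
     "activityDateTime": "2024-05-02T06:15:00Z"},
    {"id": "d2", "userPrincipalName": "isabella@example.com",
     "riskEventType": "anonymizedIPAddress", "riskLevel": "high",
     "riskState": "atRisk", "ipAddress": "198.51.100.7",
     "activityDateTime": "2024-05-02T09:40:00Z"},
    {"id": "d3", "userPrincipalName": "omar@example.com",
     "riskEventType": "unlikelyTravel", "riskLevel": "medium",
     "riskState": "confirmedSafe", "ipAddress": "192.0.2.44",
     "activityDateTime": "2024-05-01T22:05:00Z"},
    {"id": "d4", "userPrincipalName": "omar@example.com",
     "riskEventType": "leakedCredentials", "riskLevel": "high",
     "riskState": "atRisk", "ipAddress": None,
     "activityDateTime": "2024-04-30T11:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp in the "...Z" form Graph emits."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def new_since(detections, last_check):
    """Return only detections raised after the previous poll, so a check
    that runs several times a day surfaces what has not yet been seen."""
    return [d for d in detections if parse_ts(d["activityDateTime"]) > last_check]


def triage(detections):
    """Group open detections per user and decide the response.

    Returns a list of per-user entries, most urgent first, each with
    'user', 'max_level', 'events' and a recommended 'action'.
    """
    per_user = {}
    for d in detections:
        if d["riskState"] not in OPEN_STATES:
            continue  # already confirmed safe / dismissed / remediated
        upn = d["userPrincipalName"]
        entry = per_user.setdefault(
            upn, {"user": upn, "max_level": "none", "events": []})
        entry["events"].append((d["riskEventType"], d["riskLevel"], d["ipAddress"]))
        if LEVEL_RANK.get(d["riskLevel"], 0) > LEVEL_RANK.get(entry["max_level"], 0):
            entry["max_level"] = d["riskLevel"]
    for entry in per_user.values():
        if entry["max_level"] == "high":
            entry["action"] = "reset password, revoke sessions, investigate"
        elif entry["max_level"] == "medium":
            entry["action"] = "confirm sign-in with user"
        else:
            entry["action"] = "monitor"
    return sorted(per_user.values(),
                  key=lambda e: -LEVEL_RANK.get(e["max_level"], 0))


if __name__ == "__main__":
    last_poll = datetime(2024, 5, 1, tzinfo=timezone.utc)
    fresh = new_since(SAMPLE_DETECTIONS, last_poll)
    print(f"{len(fresh)} detection(s) since {last_poll.isoformat()}")
    for entry in triage(SAMPLE_DETECTIONS):
        print(f"{entry['user']}: {entry['max_level']} -> {entry['action']}")
        for event_type, level, ip in entry["events"]:
            print(f"    {event_type} ({level}) from {ip or 'n/a'}")
```

In a real deployment the `SAMPLE_DETECTIONS` list would be replaced by the page of results from the Graph risk detections endpoint, and `last_poll` by the timestamp persisted from the previous run; the triage logic itself is unchanged.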

Prevention

What are the main questions you should consider when working out how to manage this risk?


  • Do you have a system or solution in place to detect risky logins?
  • If there was a risky login from one of your users today, would you find out?
  • How long do you think it would take to find out that one of your user accounts was subject to a risky login?
  • Have you ever checked your system for risky logins?
  • What would the impact be on your organisation if a user account was compromised for an extended period of time without detection?